Gröbner Bases of Bihomogeneous Ideals Generated by …€¦ · Determinantal ideals What is known...
Transcript of Gröbner Bases of Bihomogeneous Ideals Generated by …€¦ · Determinantal ideals What is known...
Gröbner Bases of Bihomogeneous IdealsGenerated by Polynomials of Bidegree (1,1):Algorithms, Complexity and Applications
Jean�Charles Faugère Mohab Safey El DinPierre�Jean Spaenlehauer
UPMC � LIP6 � CNRS � INRIA Paris - Rocquencourt
SALSA team
Séminaire Algorithms � INRIA2010/04/26
1/30 PJ Spaenlehauer
Bilinear polynomials
Bihomogeneous
f (x0, . . . , xnx , y0, . . . , yny ) =∑
ai ,jxiyj .
A�ne
f (a)(x1, . . . , xnx , y1, . . . , yny ) = f (h)(1, x1, . . . , xnx , 1, y1, . . . , yny ).
Important class of polynomials.
Often encountered in practice.
Di�erent nature of the variables.
Related to determinantal ideals.
2/30 PJ Spaenlehauer
Motivations
Cryptanalysis of MinRank
[Faugère/Levy/Perret CRYPTO'08, Faugère/Safey/S. ISSAC'10].
Cryptanalysis of MacEliece
[Faugère/Otmani/Perret/Tilich EUROCRYPT'10].
Real algebraic geometry
[Safey/Trébuchet 06, Bank/Giusti/Heintz/Safey/Schost AAECC'10].
MinRank (linear algebra, cryptology, coding theory)
Find λ1, . . . , λk such that
Rank
kX
i=1
λiMi
!≤ r ⇒
kX
i=1
λiMi
!x (j) = 0.
Extension: Lagrange multipliers (geometry, optimisation)
Maximize f (x) with the constraints gi (x) = 0:
grad“λ0f (x) +
Xλigi (x)
”= 0.
3/30 PJ Spaenlehauer
Macaulay matrix in degree d
I = 〈f1, . . . , fp〉 deg(fi ) = di � a monomial ordering
Rows: all products tfi where t ∈ Monomials(d − di ).Columns: monomials of degree d .
m1 � · · · � m`
t1f1...
tk fp
row echelon forms of the Macaulay matrices =⇒ Gröbner basis.
Problem
Rank defect =⇒ useless computations.
tfi reduces to zero: the associated row in the Macaulay matrixbecomes zero after reduction.
4/30 PJ Spaenlehauer
Macaulay matrix in degree d
I = 〈f1, . . . , fp〉 deg(fi ) = di � a monomial ordering
Rows: all products tfi where t ∈ Monomials(d − di ).Columns: monomials of degree d .
m1 � · · · � m`
t1f1...
tk fp
row echelon forms of the Macaulay matrices =⇒ Gröbner basis.
Problem
Rank defect =⇒ useless computations.
tfi reduces to zero: the associated row in the Macaulay matrixbecomes zero after reduction.
4/30 PJ Spaenlehauer
Main results
What was known:
Giusti
Lazard
Macaulay
Bardet
Faugère
Salvy
New results:
p ≤ n p > n bilinear
reductions to 0 F5 criterion extended F5 crit.
subclass regularity semi-regularity biregularity
Hilbert seriesQ
(1−tdi )(1−t)n
[Q(1−tdi )
(1−t)n
]Q(t1,t2)
(1−t1)nx (1−t2)ny
Complexity ≈ 2ωn ≈ 2ω(α−1/2−√α(α−1))n ≈ 2ωmin(nx ,ny )
New theoretical complexity bounds. Con�rmed by experiments.
New classes of bilinear systems which can be solved in polynomial
time.
Direct application to Crypto problems.
5/30 PJ Spaenlehauer
A more general framework: multihomogeneous systems
De�nition
f ∈ K[X (1), . . . ,X (`)] is multihomogeneous of multidegree(d1, . . . , d`) if for all λ1, . . . , λ`,
f (λ1X(1), . . . , λ`X
(`)) = λd11 . . . λd`` f (X
(1), . . . ,X (`)).
Previous work
Multihomogeneous elimination [Rémond 01].
Multihomogeneous Bézout theorem [VanDerWaerden 28,Safey/Trébuchet 06].
Multihomogeneous homotopy methods [Morgan/SommeseApplied Math. and Comp. 87, Wampler Num. Math. 93].
Multihomogeneous resultants [Canny/Emiris JSC'95,Dickenstein/Emiris JSC'03, Mantza�aris/Emiris ISSAC'09,Jeronimo/Sabia JSC'07, McCoy AMS'33, Weyman/ZelevinskiJ. of Alg. Geom. 94].
6/30 PJ Spaenlehauer
Gröbner bases
Gröbner bases
I a polynomial ideal. Gröbner basis (w.r.t. a monomial ordering):G ⊂ I a �nite set of polynomials such that LM(I ) = 〈LM(G )〉.
Buchberger [Buchberger Ph.D. 65].
F4 [Faugère J. of Pure and Appl. Alg. 99].
F5 [Faugère ISSAC'02].
→ Polynomial System Solving.
7/30 PJ Spaenlehauer
Program
Study of a class of systems from the viewpoint of Gröbner bases:
1 Avoid computing zero.
2 Characterize a �nice� subclass of systems.
3 Generic Hilbert series.
4 Complexity analysis.
8/30 PJ Spaenlehauer
Program
Study of a class of systems from the viewpoint of Gröbner bases:
1 Avoid computing zero.
2 Characterize a �nice� subclass of systems.
3 Generic Hilbert series.
4 Complexity analysis.
8/30 PJ Spaenlehauer
Program
Study of a class of systems from the viewpoint of Gröbner bases:
1 Avoid computing zero.
2 Characterize a �nice� subclass of systems.
3 Generic Hilbert series.
4 Complexity analysis.
8/30 PJ Spaenlehauer
Program
Study of a class of systems from the viewpoint of Gröbner bases:
1 Avoid computing zero.
2 Characterize a �nice� subclass of systems.
3 Generic Hilbert series.
4 Complexity analysis.
8/30 PJ Spaenlehauer
F5 criterion: mathematical formulation
If t ∈ LM(〈f1, . . . , fi−1〉), then the row tfi is reduced to zero.
F5 criterion: algorithm
Iterative computations ofGB(〈f1〉),GB(〈f1, f2〉), . . . ,GB(〈f1, . . . , fp〉).
∃g ∈ GB(〈f1, . . . , fi−1〉) s.t. LM(g) divides t ⇒ tfi reduces to zero.
�Optimal� for regular (and semi-regular) homogeneous systems,but...bilinear systems are not regular !
9/30 PJ Spaenlehauer
F5 criterion: mathematical formulation
If t ∈ LM(〈f1, . . . , fi−1〉), then the row tfi is reduced to zero.
F5 criterion: algorithm
Iterative computations ofGB(〈f1〉),GB(〈f1, f2〉), . . . ,GB(〈f1, . . . , fp〉).
∃g ∈ GB(〈f1, . . . , fi−1〉) s.t. LM(g) divides t ⇒ tfi reduces to zero.
�Optimal� for regular (and semi-regular) homogeneous systems,but...
bilinear systems are not regular !
9/30 PJ Spaenlehauer
F5 criterion: mathematical formulation
If t ∈ LM(〈f1, . . . , fi−1〉), then the row tfi is reduced to zero.
F5 criterion: algorithm
Iterative computations ofGB(〈f1〉),GB(〈f1, f2〉), . . . ,GB(〈f1, . . . , fp〉).
∃g ∈ GB(〈f1, . . . , fi−1〉) s.t. LM(g) divides t ⇒ tfi reduces to zero.
�Optimal� for regular (and semi-regular) homogeneous systems,but...bilinear systems are not regular !
9/30 PJ Spaenlehauer
Bilinear systems
F = (f1, . . . , fm): system of bilinear equations.
jacX (Fi ) =
∂f1∂x0
. . . ∂f1∂xnx
......
...∂fi∂x0
. . . ∂fi∂xnx
jacY (Fi ) =
∂f1∂y0
. . . ∂f1∂yny
......
...∂fi∂y0
. . . ∂fi∂yny
Euler relations
f =∑
xj∂f
∂xj=∑
yj∂f
∂yj.
jacX (Fi ) ·
x0...xnx
=
f1...fi
jacY (Fi ) ·
y0...yny
=
f1...fi
10/30 PJ Spaenlehauer
Bilinear systems
Euler relations
jacX (Fi ) ·
x0...xnx
=
f1...fi
jacY (Fi ) ·
y0...yny
=
f1...fi
(s1, . . . , si ) ∈ Syz(f1, . . . , fi )⇐⇒i∑
k=1
sk fk = 0.
tfi reduces to zero i� ∃(s1, . . . , si ) ∈ Syz(f1, . . . , fi ) s.t. LM(si ) = t.
(s1, . . . , si ) ∈ KerL(jacX (Fi )) (resp. KerL(jacY (Fi )))⇒ (s1, . . . , si ) ∈ Syz(f1, . . . , fi ).
11/30 PJ Spaenlehauer
Bilinear systems
Euler relations
jacX (Fi ) ·
x0...xnx
=
f1...fi
jacY (Fi ) ·
y0...yny
=
f1...fi
(s1, . . . , si ) ∈ Syz(f1, . . . , fi )⇐⇒i∑
k=1
sk fk = 0.
tfi reduces to zero i� ∃(s1, . . . , si ) ∈ Syz(f1, . . . , fi ) s.t. LM(si ) = t.
(s1, . . . , si ) ∈ KerL(jacX (Fi )) (resp. KerL(jacY (Fi )))⇒ (s1, . . . , si ) ∈ Syz(f1, . . . , fi ).
11/30 PJ Spaenlehauer
Kernel of matrices whose entries are linear forms
k-variate linear matrices of size p × q.
Proposition (Cramer's Rule)
If p = q + 1, then the left kernel of a generic linear matrix isgenerated a vector of maximal minors.
12/30 PJ Spaenlehauer
Kernel of matrices whose entries are linear forms
k-variate linear matrices of size p × q.
Conjecture
If p− q ≥ k − 1, then the left kernel of a generic linear matrix isgenerated by vectors of maximal minors.
Supported by experiments.
12/30 PJ Spaenlehauer
An extension of the F5 criterion for bilinear systemsMathematical characterization
F5 criterion
t ∈ LM(〈f1, . . . , fi−1〉)⇒ tfi reduces to zero.
fi fj − fj fi = 0.
Extended criterion
t ∈ LM(〈Minors(jacX (Fi−1))〉) ∪ LM(〈Minors(jacY (Fi−1))〉)⇒ tfireduces to zero.
Syzygies in KerL(jacX (Fi )) and KerL(jacY (Fi )).
13/30 PJ Spaenlehauer
An extension of the F5 criterion for bilinear systemsAlgorithmic issues
F5 criterion
The Gröbner bases GB(f1),GB(f1, f2), . . . ,GB(f1, . . . , fm) arecomputed iteratively.
Extended criterion
Precompute GB(〈Minors(jacX (Fi−1))〉) andGB(〈Minors(jacY (Fi−1))〉)
What cost ?
13/30 PJ Spaenlehauer
Determinantal ideals
What is known
Determinantal ideals: Bernstein/Zelevinsky J. of Alg. Comb.93, Bruns/Conca 98, Sturmfels/Zelevinsky Adv. Math. 98,Conca/Herzog AMS'94, Lascoux 78...
Geometry of determinantal varieties: Room 39, Fulton DukeMath. J. 91, Giusti/Merle Int. Conf. on Alg. Geo. 82...
Polar varieties: Bank/Giusti/Heintz/Pardo J. of Compl. 05,Safey/Schost ISSAC'03, Teissier Pure and Appl. Math. 91...
A Theorem of Bernstein, Sturmfels and Zelevinski
M a p × q matrix whose entries are variables. For any monomialordering, the maximal minors of M are a Gröbner basis of theassociated ideal.
14/30 PJ Spaenlehauer
Determinantal ideals
What is known
Determinantal ideals: Bernstein/Zelevinsky J. of Alg. Comb.93, Bruns/Conca 98, Sturmfels/Zelevinsky Adv. Math. 98,Conca/Herzog AMS'94, Lascoux 78...
Geometry of determinantal varieties: Room 39, Fulton DukeMath. J. 91, Giusti/Merle Int. Conf. on Alg. Geo. 82...
Polar varieties: Bank/Giusti/Heintz/Pardo J. of Compl. 05,Safey/Schost ISSAC'03, Teissier Pure and Appl. Math. 91...
A variant of a Theorem of Bernstein, Sturmfels and Zelevinski
M a k-variate p × q linear matrix. Generically, a grevlex GB of〈Minors(M)〉: linear combination of the generators.
=⇒ LM(Minors(M)) = 〈Monomialsp−q+1(q)〉.
14/30 PJ Spaenlehauer
An algorithm to detect reductions to zero
Algorithm � criterion
Maximal minors of jacY (Fi−1) (polynomials of degreeny + 1).
Gauss reduction.
t is a leading monomial ⇒ tfi reduces to zero.
Symetrically, same process with jacX (Fi−1).
15/30 PJ Spaenlehauer
Program
1 Avoid computing zero.
2 Characterize a �nice� subclass of systems.
3 Generic Hilbert series.
4 Complexity analysis.
16/30 PJ Spaenlehauer
Biregular systems
Weak biregularity: de�nition
sfi = 0 mod 〈f1, . . . , fi−1〉 ⇒
s = 0 mod 〈f1, . . . , fi−1〉s ∈ 〈Minors(jacX (Fi−1))〉s ∈ 〈Minors(jacY (Fi−1))〉
Grevlex ordering.
Theorem: generic reductions to 0
For a generic bilinear system f1, . . . , fm, the reductions to zeronot detected by the F5 criterion are:
{tfi | i > ny + 1, t ∈ MonomialsXi−ny−2(ny + 1)}[{tfi | i > nx + 1, t ∈ MonomialsYi−nx−2(nx + 1)}
17/30 PJ Spaenlehauer
Biregular systems
Weak biregularity: de�nition
sfi = 0 mod 〈f1, . . . , fi−1〉 ⇒
s = 0 mod 〈f1, . . . , fi−1〉s ∈ 〈Minors(jacX (Fi−1))〉s ∈ 〈Minors(jacY (Fi−1))〉
Grevlex ordering.
Theorem: generic reductions to 0
For a generic bilinear system f1, . . . , fm, the reductions to zeronot detected by the F5 criterion are:
{tfi | i > ny + 1, t ∈ MonomialsXi−ny−2(ny + 1)}[{tfi | i > nx + 1, t ∈ MonomialsYi−nx−2(nx + 1)}
17/30 PJ Spaenlehauer
Biregular systems
Weak biregularity: de�nition
sfi = 0 mod 〈f1, . . . , fi−1〉 ⇒
s = 0 mod 〈f1, . . . , fi−1〉s ∈ 〈Minors(jacX (Fi−1))〉s ∈ 〈Minors(jacY (Fi−1))〉
Grevlex ordering.
Strong biregularity: computational de�nition
The bilinear system f1, . . . , fm is biregular if the reductions to zeronot detected by the F5 criterion are:
{tfi | i > ny + 1, t ∈ MonomialsXi−ny−2(ny + 1)}[{tfi | i > nx + 1, t ∈ MonomialsYi−nx−2(nx + 1)}
17/30 PJ Spaenlehauer
Extended criterion for biregular systems → no reduction to zero.
Theorem
Generically, bilinear systems are biregular, i.e. the set of biregularbilinear systems is a Zariski nonempty open subset.
18/30 PJ Spaenlehauer
Program
1 Avoid computing zero.
2 Characterize a �nice� subclass of systems.
3 Generic Hilbert series.
4 Complexity analysis.
19/30 PJ Spaenlehauer
Hilbert biseries
Hilbert biseries:
HSI (t1, t2) =∑
dim(K[X ,Y ]α,β/Iα,β)tα1 t
β2
Generating series of the rank defects of the Macaulaymatrices.Complexity analysis [Bardet/Faugère/Salvy ISCPP'04].
Biseries of bilinear systems
HSI (t1, t2) =Q(t1, t2)
(1− t1)nx+1(1− t2)ny+1
20/30 PJ Spaenlehauer
Hilbert biseries
Hilbert biseries:
HSI (t1, t2) =∑
dim(K[X ,Y ]α,β/Iα,β)tα1 t
β2
Generating series of the rank defects of the Macaulaymatrices.
Complexity analysis [Bardet/Faugère/Salvy ISCPP'04].
Biseries of generic bilinear systems
If f1, . . . , fm is a biregular bilinear system, then the biseries ofI = 〈f1, . . . , fm〉 is:
HSI (t1, t2) =(1− t1t2)
m + F(t1, t2, nx , ny ) + F(t2, t1, ny , nx)
(1− t1)nx+1(1− t2)ny+1,
F(t1, t2, nx , ny )=Pm−(ny+1)
`=1(1− t1t2)m−(ny+1)−`t1t2(1− t2)ny+1[1− (1− t1)`
Pny+1
k=1tny+1−k1
“`+ny−k
ny+1−k
”].
20/30 PJ Spaenlehauer
Sketch of the proof (I)
K[X ,Y ]/Im−1×fm−−→ K[X ,Y ]/Im−1.
Generating series of the kernel
G(m)(t1, t2) =∑
dim(Ker(×fm)d1,d2)td11 td22 .
Recurrence
HSIm(t1, t2) = (1− t1t2)HSIm−1 + t1t2G(m−1)(t1, t2).
A property of the syzygy module
Ker(×fm) = (Ker(×fm)∩K[X ]) ∪ (Ker(×fm)∩K[Y ]).
⇒ G (m)(t1, t2) = g(m)x (t1) + g
(m)y (t2)
21/30 PJ Spaenlehauer
Sketch of the proof (II)
Finding G (m)(t1, t2)
G (m)(t1, t2) = g(m)x (t1) + g
(m)y (t2), where g
(m)x (t) (resp. g
(m)y (t))
is the generating series of Monomialsm−nx−1(ny + 1) (resp.Monomialsm−ny−1(nx + 1)):
g(m)x (t) =
0 if m < ny
1
(1− t)nx+1−
∑1≤j≤ny+1
(m−j
ny+1−j)tny+1−j
(1− t)nx+ny−m+1
22/30 PJ Spaenlehauer
Generic properties
strong biregularity
weak biregularity Hilbert series
23/30 PJ Spaenlehauer
Generic properties
strong biregularity
weak biregularity Hilbert series?
X X
23/30 PJ Spaenlehauer
Program
1 Avoid computing zero.
2 Characterize a �nice� subclass of systems.
3 Generic Hilbert series.
4 Complexity analysis.
24/30 PJ Spaenlehauer
Complexity of a�ne bilinear systems
Theorem: degree of regularity
Degree of regularity of a generic 0-dim a�ne bilinear system forthe grevlex ordering:
dreg ≤ min(nx + 1, ny + 1).
Sharp bound in practice.
Theorem: regularity
Generic a�ne bilinear systems are regular ⇒ No reduction tozero during the F5 Algorithm.
25/30 PJ Spaenlehauer
Complexity
Solving a�ne bilinear systems
The complexity of computing a grevlex Gröbner basis of azero-dimensional ideal generated by generic a�ne bilinearpolynomials is upper bounded by:
O(Monomials(dreg)ω).
nx constant, ny grows =⇒ complexity polynomial in ny .
X and Y unbalanced ⇒ easy to solve.
Better than Macaulay bound:
O(Monomials(nx + ny + 1)ω) ≈ O(2ω(nx+ny )
).
Complexity observed in practice !!!
26/30 PJ Spaenlehauer
Complexity
Solving a�ne bilinear systems
The complexity of computing a grevlex Gröbner basis of azero-dimensional ideal generated by generic a�ne bilinearpolynomials is upper bounded by:
O(Monomials(min(nx + 1, ny + 1))ω) ≈ O(2ωmin(nx ,ny )
).
nx constant, ny grows =⇒ complexity polynomial in ny .
X and Y unbalanced ⇒ easy to solve.
Better than Macaulay bound:
O(Monomials(nx + ny + 1)ω) ≈ O(2ω(nx+ny )
).
Complexity observed in practice !!!
26/30 PJ Spaenlehauer
Complexity
Solving a�ne bilinear systems
The complexity of computing a grevlex Gröbner basis of azero-dimensional ideal generated by generic a�ne bilinearpolynomials is upper bounded by:
O(Monomials(min(nx + 1, ny + 1))ω) ≈ O(2ωmin(nx ,ny )
).
nx constant, ny grows =⇒ complexity polynomial in ny .
X and Y unbalanced ⇒ easy to solve.
Better than Macaulay bound:
O(Monomials(nx + ny + 1)ω) ≈ O(2ω(nx+ny )
).
Complexity observed in practice !!!
26/30 PJ Spaenlehauer
Program
1 Avoid computing zero.
2 Characterize a �nice� subclass of systems.
3 Generic Hilbert series.
4 Complexity analysis.
27/30 PJ Spaenlehauer
Application to the MinRank problem
[Buss/Frandsen/Shallit 96, Courtois Ph.D. 01,Faugère/Levy-dit-Vehel/Perret CRYPTO'08,Kipnis/Shamir CRYPTO'99]
MinRank
M0, . . . ,Mk are k + 1 matrices n× n. Given r , �nd λ1, . . . , λk suchthat
Rank(M0 −k∑
i=1
λiMi ) ≤ r .
Fundamental NP-hard problem in linear algebra.
Important problem in multivariate cryptology.
Applications in geometry.
Generalization of the Eigenvalue problem.
28/30 PJ Spaenlehauer
The Kipnis-Shamir modeling
Solve the system
m(0)1,1 −
Pλim
(i)1,1 . . . m
(0)1,n −
Pλim
(i)1,n
.... . .
...
m(0)n,1 −
Pλim
(i)n,1 . . . m
(0)n,n −
Pλim
(i)n,n
·
In−r
x(1)1
. . . x(n−r)1
......
...
x(1)r . . . x
(n−r)r
= 0.
polynomials are bilinear �by blocks�.
−→ can be solved in time polynomial in n when the numberof λ is constant.
Minors modeling.
Faugère, Safey, S.Computing loci of rank defects of linear matrices using Gröbnerbases and applications to cryptology.ISSAC 2010.
29/30 PJ Spaenlehauer
Conclusion
Solving bilinear systems using Gröbner bases algorithms...... from theoretical and practical viewpoints.Applications to a concrete problem in cryptology.Multihomogeneous structure of the Macaulay matrices →speed-up the computation of the row echelon forms (not inthis talk).
What remains to do ?
Proof of the conjecture about the kernel of linear matrices.
Equivalence Hilbert series � weak biregularity ?
Degree of regularity for homogeneous bilinear systems.
Perspectives
Generalization to multihomogeneous systems ?
Properties of determinantal ideals ?
Applications ?
30/30 PJ Spaenlehauer